Our company was using the BITNAMI stack with Redmine and Subversion for our production environment. So the goal was about changing the server and migrating the data from Redmine 1.4 to Redmine 2.0.3 including getting all repositories and permissions preserved.

I've tried to avoid webrick but rather use the fastCGI Module for Apache2.

Second was converting the built-in accounts from the database to LDAP (ActiveDirectory). This is the result of 2 days of work and googling is this little tutorial for setting up a mentioned box doing exactly this stuff. We are using CentOS 6 for that task.

"vi/vim" is the editor used this in this tutorial but you can you any editor you want. If my instruction tells you to edit a file, you can find the sequence "..." which means, there is something above or below that line of text, that needs to be edited. Do not include those dots...

I spent a lot of time to find out, that selinux can be a real party pooper. So I strongly recommend to disable that first before installing anything else. You can find a tutorial inside the howto section describing how to enable SELinux for your installation.

Be aware that the firewall is enabled by default (which is good!). So if you know which ports to open, do it now or disable the firewall (just for testing purposes). I'd really recommend disabling the firewall during installation and enable it (opening ports) after you are sure that everything works.

Unfortunately the default Repo from CentOS cannot deliver the fcgid module so it is important to include a replo, that can deliver this package. I use the Fedora Repo so it is time to activate this... Again - this can change so please take care which repository to use.

The last step requires some knowledge how to authenticate against your Active directory. First of all, open up Redmine in a web interface and enter the Administration dialogue. Select LDAP-Authentication adn create a new authentication entry.

Name: Enter a NAME for your entry, this can be anything...

Host: Enter the IP address of a domain controler unless you are really sure, that DNS is working correctly

Port: 389

Account: This one is kind of a pitfall. Enter the DN of the user object that can authenticate against the Active Directory.EXAMPLE: Assume that you have a domain that is called: mynetwork.local and an organizational unit that is named: myUsers. The DN of this organizational unit is: OU=myUsers, DC=mynetwork, DC=local If you create a user, which Display name is like ldap authentication user then the Account you need to enter is: CN=ldap authentication user, OU=myUsers, DC=mynetwork, DC=local. I'd recommend using a tool like Sysinternals ADExplorer if you are unsure about the distinguished name of your authentication user.

Base DN: This is the entry point, where Redmine tries to find users. In the example above you want to enter: OU=myUsers, DC=mynetwork, DC=local

LDAP Filter: You can enter any filter you like here, a valid filter for finding users is: (&(objectClass=user)(objectCategory=person)).

On-the-fly Usercreation: I tend to check this.. This allows the initial creation of a new user when the user logs on redmine.

This one is tricky, you want the authentication data from Active Directory but you also want the group permissions from Redmine. So you need to tell the logon mechanism to authenticate against AD and check inside the database, whether the user is SVN editor or not. Finally most of the work is done here with the redmine.pm script (remember, we've linked that already).

Fortunatelly the CentOS Perl implementation includes no module for Simple::LDAP. So we need to do some compiler work...

First of all, fetch the packages needed for building the necessary Perl modules.

yum -y install perl-CPAN perl-YAML

There are a lot of dependencies when trying to build the module, so I recommend to turn on automatic dependency handling inside the CPAN shell....Start up the shell:

perl -MCPAN -e shell

and then run the following two commands:

o conf prerequisites_policy follow
o conf commit

Now it is time, to install the module, still inside the shell. Enter

install Authen::Simple::LDAP

This takes some time... If queried for any dependencies or defaults, just acknowledge them with their default values - this should work.Close the shell after everything is done by entering

exit

Now we need to tell Apache where to find the authentication data, this is simple by editing the subversion.conf